Buffer Overflow Vulnerabilities in Central Communications Could Lead to Remote Code Execution
CVE-2024-31469

9.8CRITICAL

Key Information:

Vendor: HP (HP)
Status: Aos-8 Instant And Aos-10 Ap
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-31469?

The buffer overflow vulnerabilities present in Aruba's Central Communications service expose systems to significant risks by allowing unauthenticated remote code execution. Attackers can send specially crafted packets to the PAPI UDP port (8211), leading to the execution of arbitrary code with elevated privileges on the underlying operating system. This highlights a critical security concern for organizations using Aruba access points that utilize the PAPI management protocol, necessitating immediate attention to security patches and implementation of best practices for network safety.

Affected Version(s)

AOS-8 Instant and AOS-10 AP 10.5.0.0 <= 10.5.1.0

AOS-8 Instant and AOS-10 AP 10.4.0.0 <= 10.4.1.0

AOS-8 Instant and AOS-10 AP 8.11.0.0 <= 8.11.2.1

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024
Vulnerability Reserved
Apr 3, 2024

Credit

Erik De Jong (bugcrowd.com/erikdejong)

HP (HP)

What is CVE-2024-31469?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit